| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <174786678048.1383760.1562421474540065349.stgit@frogsfrogsfrogs>
Date: Wed, 21 May 2025 15:42:14 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: tytso@....edu
Cc: linux-ext4@...r.kernel.org
Subject: [PATCH 28/29] fuse2fs: propagate default ACLs to new children
From: Darrick J. Wong <djwong@...nel.org>
generic/319 points out that we don't propagate the default ACL from a
directory into new children. Do that, since that's expected behavior.
Signed-off-by: "Darrick J. Wong" <djwong@...nel.org>
---
misc/fuse2fs.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 103 insertions(+), 21 deletions(-)
diff --git a/misc/fuse2fs.c b/misc/fuse2fs.c
index 71e81992cc1819..a9f753c775db09 100644
--- a/misc/fuse2fs.c
+++ b/misc/fuse2fs.c
@@ -866,6 +866,96 @@ static int op_readlink(const char *path, char *buf, size_t len)
return ret;
}
+static int __getxattr(struct fuse2fs *ff, ext2_ino_t ino, const char *name,
+ void **value, size_t *value_len)
+{
+ ext2_filsys fs = ff->fs;
+ struct ext2_xattr_handle *h;
+ errcode_t err;
+ int ret = 0;
+
+ err = ext2fs_xattrs_open(fs, ino, &h);
+ if (err)
+ return translate_error(fs, ino, err);
+
+ err = ext2fs_xattrs_read(h);
+ if (err) {
+ ret = translate_error(fs, ino, err);
+ goto out_close;
+ }
+
+ err = ext2fs_xattr_get(h, name, value, value_len);
+ if (err) {
+ ret = translate_error(fs, ino, err);
+ goto out_close;
+ }
+
+out_close:
+ err = ext2fs_xattrs_close(&h);
+ if (err && !ret)
+ ret = translate_error(fs, ino, err);
+ return ret;
+}
+
+static int __setxattr(struct fuse2fs *ff, ext2_ino_t ino, const char *name,
+ void *value, size_t valuelen)
+{
+ ext2_filsys fs = ff->fs;
+ struct ext2_xattr_handle *h;
+ errcode_t err;
+ int ret = 0;
+
+ err = ext2fs_xattrs_open(fs, ino, &h);
+ if (err)
+ return translate_error(fs, ino, err);
+
+ err = ext2fs_xattrs_read(h);
+ if (err) {
+ ret = translate_error(fs, ino, err);
+ goto out_close;
+ }
+
+ err = ext2fs_xattr_set(h, name, value, valuelen);
+ if (err) {
+ ret = translate_error(fs, ino, err);
+ goto out_close;
+ }
+
+out_close:
+ err = ext2fs_xattrs_close(&h);
+ if (err && !ret)
+ ret = translate_error(fs, ino, err);
+ return ret;
+}
+
+static int propagate_default_acls(struct fuse2fs *ff, ext2_ino_t parent,
+ ext2_ino_t child)
+{
+ void *def;
+ size_t deflen;
+ int ret;
+
+ if (!ff->acl)
+ return 0;
+
+ ret = __getxattr(ff, parent, XATTR_NAME_POSIX_ACL_DEFAULT, &def,
+ &deflen);
+ switch (ret) {
+ case -ENODATA:
+ case -ENOENT:
+ /* no default acl */
+ return 0;
+ case 0:
+ break;
+ default:
+ return ret;
+ }
+
+ ret = __setxattr(ff, child, XATTR_NAME_POSIX_ACL_DEFAULT, def, deflen);
+ ext2fs_free_mem(&def);
+ return ret;
+}
+
static int op_mknod(const char *path, mode_t mode, dev_t dev)
{
struct fuse_context *ctxt = fuse_get_context();
@@ -989,6 +1079,9 @@ static int op_mknod(const char *path, mode_t mode, dev_t dev)
ext2fs_inode_alloc_stats2(fs, child, 1, 0);
+ ret = propagate_default_acls(ff, parent, child);
+ if (ret)
+ goto out2;
out2:
pthread_mutex_unlock(&ff->bfl);
out:
@@ -1130,6 +1223,10 @@ static int op_mkdir(const char *path, mode_t mode)
goto out3;
}
+ ret = propagate_default_acls(ff, parent, child);
+ if (ret)
+ goto out3;
+
out3:
ext2fs_free_mem(&block);
out2:
@@ -2554,7 +2651,6 @@ static int op_getxattr(const char *path, const char *key, char *value,
struct fuse_context *ctxt = fuse_get_context();
struct fuse2fs *ff = (struct fuse2fs *)ctxt->private_data;
ext2_filsys fs;
- struct ext2_xattr_handle *h;
void *ptr;
size_t plen;
ext2_ino_t ino;
@@ -2583,23 +2679,9 @@ static int op_getxattr(const char *path, const char *key, char *value,
if (ret)
goto out;
- err = ext2fs_xattrs_open(fs, ino, &h);
- if (err) {
- ret = translate_error(fs, ino, err);
+ ret = __getxattr(ff, ino, key, &ptr, &plen);
+ if (ret)
goto out;
- }
-
- err = ext2fs_xattrs_read(h);
- if (err) {
- ret = translate_error(fs, ino, err);
- goto out2;
- }
-
- err = ext2fs_xattr_get(h, key, &ptr, &plen);
- if (err) {
- ret = translate_error(fs, ino, err);
- goto out2;
- }
if (!len) {
ret = plen;
@@ -2611,10 +2693,6 @@ static int op_getxattr(const char *path, const char *key, char *value,
}
ext2fs_free_mem(&ptr);
-out2:
- err = ext2fs_xattrs_close(&h);
- if (err && !ret)
- ret = translate_error(fs, ino, err);
out:
pthread_mutex_unlock(&ff->bfl);
@@ -3153,6 +3231,10 @@ static int op_create(const char *path, mode_t mode, struct fuse_file_info *fp)
ext2fs_inode_alloc_stats2(fs, child, 1, 0);
+ ret = propagate_default_acls(ff, parent, child);
+ if (ret)
+ goto out2;
+
ret = __op_open(ff, path, fp);
if (ret)
goto out2;
Powered by blists - more mailing lists